Closed Bug 169085 Opened 22 years ago Closed 22 years ago

No alert for Encrypted/Unencrypted mix and displays both during HTTPS session

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
PowerPC
Mac System 9.x
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: ramzewe, Assigned: security-bugs)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0

Netscape 7.0 does not alert the user when viewing a page that contains encrypted
and unencrypted data, worse it displays the unencrypted data.

This is contrary to the correct behavior in Netscape 4.x which alerts the user
and does NOT display unencrypted data.

Reproducible: Always

Steps to Reproduce:
1.load the following link during an HTTPS session:

<img src="http://images.00mm.net/metrowerks/images/spacer.gif" width="1"
height="1" alt="" border="0"></td>

(often ab-used for web bug email tracking...)
Actual Results:  
1. There WILL NOT be an alert indicating that "You have requested a secure
document that contains some insecure information. The insecure information will
not be shown." And the insecure information WILL be shown.

Expected Results:  
Should produce the above alert and NOT show the insecure information, as would
be the case using Netscape 4.x
ramzewe  - Thanks for your input, but the correct place for
reporting Netscape 7 bugs is <http://channels.netscape.com/ns/browsers/7/feedback/
default.jsp>. 
Unfortunately, mozilla.org doesn't have the resources to cope with their bugs as well as
our own. :-) Additionally, lots of stuff which is broken in their version
is now fixed in ours.

However, if you see this problem in a recent build of Mozilla, feel free
to return and ask for this bug to be reopened.

Marking INVALID (don't take it personally, Bugzilla doesn't have a politer option
;-)

Greg
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
Summary: No alert for Encrypted/Unencrypted mix and displays both during HTTPS session → No alert for Encrypted/Unencrypted mix and displays both during HTTPS session
I also don't see expected message while using flash player with Firefox 3.0.6.

Also I found this message in support: No warning about unencrypted content when it should be thrown (http://support.mozilla.com/tiki-view_forum_thread.php?comments_parentId=259140&forumId=1).

Indicated example is: https://www.opengrow.com/secure.html.
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)
You need to log in before you can comment on or make changes to this bug.